It seems that a German person is not generally compatible with security questions. One of my online banking facilities recently asked to update details, including the provision of answers to three security questions. I could chose the three question from a pool of over a dozen of pre-defined questions. Wishing to provide memorable answers gets me thinking:
Where was your first job?
Well, it depends. Do you mean the first occasion where I earned money for work, or the first real job with a contract, or the first …
What was your first pet’s name?
Well, it depends. Do family pets count, or would it have to be my pet? What if I had a pair of hamsters?
Where was your first holiday?
Well, I’d say, it depends. Do you mean the first time my parents took me on a summer holiday (I don’t recall the location), or the first holiday that I remember, or the first holiday without my parents? Do boy scout camps count? The first holiday with a spouse? Is a weekend trip considered a holiday?
Today, I might chose one of the many possible answers to each question, but how can I be sure that, in case of need two years down the line, I will make the same choice?
I end up choosing an answer, not necessarily from the truth, and write it down in my personal files (in a secure manner). Since my mother’s maiden name isn’t exactly a state secret, answering security questions with made-up answers is the most secure way to handle these anyhow, but it leads to the final security question, the hardest of all:
Where do you keep your written-down security answers?
- Security questions are the dumbest thing the internet has ever invented (stritar.net)
- Is your father’s middle name the most secure password recovery question? (rakhikankane.wordpress.com)